<?php

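// Employer registration handler: validates the posted form, hashes the
// password, inserts one row into workertrack.employer and redirects.
session_start();
$_SESSION['hallpass'] = true;
include "DBConnection.php";
require_once "./Objects/User.php";
require_once "security.php";

// Request-origin check implemented in security.php. Its return value is not
// inspected here, so it is presumably expected to end the request itself on
// failure -- TODO confirm.
is_spoofing("register_employer");

// Reject requests that lack the fields the INSERT needs. is_string() also
// rejects array-valued parameters (email[]=...), which would otherwise reach
// the escaping and hashing calls as non-strings.
foreach (array('email', 'cname', 'password') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field]) || $_POST[$field] === '') {
        $_SESSION['hallpass'] = false;
        header('HTTP/1.1 400 Bad Request');
        exit;
    }
}

// The password is hashed, never stored or escaped as plain text.
// crypt() selects its algorithm from the salt's prefix, so the strength of the
// stored hash depends entirely on the format createSalt() returns (defined
// outside this file -- verify it yields a bcrypt or SHA-512 style salt).
$password = $_POST['password'];
$salt = createSalt();
$hash = crypt($password, $salt);

// crypt() signals failure with a string shorter than 13 characters; storing
// that value would create an account nobody can authenticate against.
if (!is_string($hash) || strlen($hash) < 13) {
    $_SESSION['hallpass'] = false;
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}

// Open the database link before escaping: mysql_real_escape_string() works
// against the current mysql link and its character set.
// NOTE(review): assumes Connection wraps ext/mysql -- confirm in DBConnection.php.
$connection = new Connection();

// Connection is only used through execute_query($query) here, so values are
// escaped into the statement rather than bound. Escaping is only sound when
// the link charset is set with mysql_set_charset(); prefer bound parameters
// (mysqli/PDO) if Connection is ever moved off ext/mysql.
$uname = mysql_real_escape_string($_POST['email']);
$company_name = mysql_real_escape_string($_POST['cname']); // company name
$hash_sql = mysql_real_escape_string($hash);
$salt_sql = mysql_real_escape_string($salt);

// NOTE(review): the session keeps the SQL-escaped form of the e-mail, as the
// original did; pages that print it must still HTML-escape it.
$_SESSION['uname'] = $uname;

// The form also posts cfield, loca, fname, lname and id, but the employer
// table written below has no column for them, so they are no longer read.

// Not cryptographically random (uniqid() is time based, rand() is a weak PRNG).
// It is unused while the confirmation e-mail below stays disabled; generate it
// from a CSPRNG (e.g. openssl_random_pseudo_bytes()) before enabling that flow.
$confirmation_code = uniqid(rand(0,10), true);

// Four columns, four values. The previous statement supplied six values and
// read $user->email / $user->password from a $user object that is never
// created, so the INSERT could not succeed.
// NOTE(review): emp_name is filled from the posted company name (cname) --
// confirm against the employer table's intended meaning.
$query = "INSERT INTO workertrack.employer (emp_email, emp_name, password, salt)
VALUES ('$uname','$company_name','$hash_sql','$salt_sql')";

// NOTE(review): the result of execute_query() is not checked, so a failed
// insert (e.g. duplicate e-mail) still redirects as if registration worked.
$connection->execute_query($query);

$connection->close_connection();

/*
Disabled confirmation e-mail (kept as the record of the intended flow):

$to = $uname;
$from = "a";
$subject = "Thank you for registering to WorkerTrack!";

$body = "Hello , please use this  link to confirm your email http://localhost/webproject/PHP/confirmation.php?conf=$confirmation_code";


if (mail($to, $subject, $body,$from)) {
   echo("<p>Message successfully sent!</p>");
  } else {
   echo("<p>Message delivery failed...</p>");
  }
*/

// For development - continuing without spoof security and e-mail confirm
$_SESSION['hallpass'] = false;
header('Location: ../HTML/resworker.php');
// Stop here so nothing added after the redirect can run or emit output.
exit;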

?>